Rvr: Security Vulnerabilities
A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).
CVSS Score
3.5
EPSS Score
0.001
Published
2025-12-08
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-11-19